I’m using Let’s Encrypt SSL certs on my homelab servers which are periodically re-issued using CertBot. This causes my VMs running GitLab Runners to go stale, and when attempting to reverify, they get ‘x509: certificate signed by unknown authority’ errors.
After a cert re-issue, the steps I use on the GitLab Runner to update its certs again are:
openssl s_client -showcerts -connect my-homelab-service-name:443 </dev/null 2>/dev/null | openssl x509 -outform PEM > gitlab.crt
sudo cp gitlab.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
sudo gitlab-runner restart
sudo gitlab-runner verify
After those steps, the Runner status on the GitLab server is back to active and starts picking up pipeline jobs as normal.
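The same steps wrapped so that the trust store and the Runner are only touched when the served certificate has actually changed, as an added example that is not part of the original post. The function names, the `HOST` and `DEST` variables and the `run` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the post author's script. HOST, DEST, the function names
# and the "run" argument are illustrative assumptions.
HOST="${HOST:-my-homelab-service-name}"
DEST="${DEST:-/usr/local/share/ca-certificates/gitlab.crt}"

# Print the first PEM certificate block (the leaf) found on stdin.
first_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Exit 0 when fetched file $1 differs from installed file $2.
# Exit 2 when the fetch produced nothing, so a failed connection
# never overwrites a working certificate.
cert_changed() {
    [ -s "$1" ] || return 2
    [ -f "$2" ] || return 0
    ! cmp -s "$1" "$2"
}

# Fetch the served certificate and redo the manual steps only if it changed.
# As in the manual commands, the certificate is trusted as presented.
refresh_runner_cert() {
    tmp=$(mktemp) || return 1
    openssl s_client -showcerts -connect "$HOST:443" </dev/null 2>/dev/null \
        | first_pem > "$tmp"
    rc=0
    if cert_changed "$tmp" "$DEST"; then
        sudo cp "$tmp" "$DEST" &&
            sudo update-ca-certificates &&
            sudo gitlab-runner restart &&
            sudo gitlab-runner verify || rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Only act when called as: sh refresh-runner-cert.sh run
if [ "${1:-}" = "run" ]; then
    refresh_runner_cert
fi
```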
